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REMARKS/ARGUMENTS 

Claims 9-13, 15-19, and 29-33 are pending in this Application. 

By this Amendment, claims 9-12, 15-19, and 29-33 are currently amended. 
Applicants respectfully submit that support for the claim amendments can be found throughout 
the specification and the drawings. 

Claims 9-13, 15-19, and 29-33 remain pending in the Application after entry of 
this Amendment. No new matter has been entered. 

In the Office Action, claims 9-13 and 15-19 stand rejected under 35 U.S.C. § 
103(a) as being unpatentable over U.S. Patent No. 5,412,717 (hereinafter "Fischer"), in view of 
U.S. Patent Application Publication No. 2002/0029337 (hereinafter "Sudia"), in view of U.S. 
Patent Application Publication No. 2004/0139327 (hereinafter "Brown"), in further view of U.S. 
Patent Application Publication No. 2006/0179008 (hereinafter "Tallent"). Claims 29-33 stand 
rejected under 35 U.S.C. § 103(a) as being unpatentable over Brown, in view of U.S. Patent 
Application Publication No. 2003/0154376 (hereinafter "Hwangbo"), in view of Sudia, and in 
further view of Tallent. 

Claim Rejections Under 35 U.S. C. § 103(a) 

Applicants respectfully traverse the rejections to claims 9-13, 15-19, and 29-33 
and request reconsideration and withdrawal of the rejections under 35 U.S.C. § 103(a) based on 
Fischer, Sudia, Brown, Tallent, and Hwangbo. Applicants respectfully submit that Fischer, 
Sudia, Brown, Tallent, and Hwangbo, either individually or in combination, fail to disclose one 
or more of the claim limitations recited in each of claims 9-13, 15-19, and 29-33. These 
differences, along with other differences, establish that the subject matter as a whole of claims 9- 
13, 15-19, and 29-33 would not have been obvious at the time of invention to a person of 
ordinary skill in the art. 

As reiterated by the Supreme Court in KSR International Co. v. Teleflex Inc. 

(KSR), 550 U.S. , 82 USPQ2d 1385 (2007), the framework for the objective analysis for 

determining obviousness under 35 U.S.C. § 103 is stated in Graham v. John Deere Co. , 383 U.S. 
1, 148 USPQ 459 (1966). The factual inquiries enunciated by the Court are as follows: 
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(A) Determining the scope and content of the prior art; 

(B) Ascertaining the differences between the claimed invention and the prior art; 

and 

(C) Resolving the level of ordinary skill in the pertinent art. 

"To support the conclusion that the claimed invention is directed to obvious 
subject matter, either the references must expressly or impliedly suggest the claimed invention or 
the examiner must present a convincing line of reasoning as to why the artisan would have found 
the claimed invention to have been obvious in light of the teachings of the references." Ex parte 
Clapp , 227 USPQ 972, 973 (Bd. Pat. App. & Inter. 1985). 

Applicants respectfully submit that Fischer, Sudia, Brown, Tallent, and Hwangbo, 
either individually or in combination, fail to disclose or suggest the limitation recited in amended 
claim 9 of "validating, with the one or more processors associated with the one or more 
computer systems associated with the second organization, the authority of the user explicitly 
defined within the received digital certificate based on a comparison between the retrieved 
stored authority information and information included within the received digital certificate 
representing the maximum payment amount that the user is authorized to request and the 
plurality of specific payees to whom the user can request payment." (Emphais added). In 
particular, amended claim 9 includes subject matter directed to ensuring non-repudiation of a 
payment request by verifying that the authority presented by a user in a digital certificate is 
acurate. As taught in the Application, for example, when requests for payment are received by a 
financial institution from a certificate holder, the sender of the message incorporating the request 
for payment may be authenticated by means of the certificate presented. However, whether the 
request originated from an authenticated user is a separate question from whether the user has 
authority to make the request. For lack of better alternatives, the recipient of the message 
incorporating the request for payment and the certificate typically makes the assumption that the 
person so authenticated has also been authorized to represent and bind the company, which 
company is assumed to be the person's employer. 

Yet, changes in the status of employment of that person (such as, for example, 
suspension, demotion, termination or promotion) or of the privileges granted to the certificate 
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holder (such as signature authority) most often will materially affect the certificate holder's 
authority to bind his or her employer. Changes to the person's status of employment and/or 
authority can lag behind the continued use of the certificate. In other words, the person may 
have been recently terminated or suspended and that change in status may not be reflected in his 
or her certificate for an indeterminate period of time, thereby exposing the corporation to liability 
for transactions initiated or otherwise carried out by the employee through the issuance of one or 
more messages to a corporation's financial service provider (FSP). These issues make fraud on 
the company relatively easy to accomplish, such as when a recently terminated employee uses an 
otherwise valid certificate to issue payment requests to an FSP. The FSP may merely verify the 
validity of the certificate presented and carry out the payment instructions, with little or no 
recourse available to the company that has become bound by this fraudulent transaction. 

An important goal of a FSP in handling such transactions is, therefore, to insure 
that they are non-repudiable. The goal of non-repudiation is to prove that a particular transaction 
took place at the behest of a duly authorized representative of a company, so that liability for the 
transaction stays with the originator of the transaction (the company) and not the party who 
executed the transaction (the FSP). A non-repudiation feature establishes accountability of 
information about a particular event or action to its originating entity. This is an important 
security measure, as users are increasingly called upon to sign contracts for certain transactions 
or events; and FSPs want assurances that no FSP client will be able to repudiate such events, to 
thereby shift the liability for the transaction back to the FSP. To insure non-repudiation of 
transactions carried out by a financial application of the company, FSPs should require that those 
originating message-based transactions are unambiguously identified and authorized to do so. 

Accordingly, amended claim 9 recites validating the authority of the user 
explicitly defined within the received digital certificate. This is a substantially different process 
from authenticating a user where the verifier checks whether a digital signature matches a 
corresponding user. This is also a substantially different process from determining whether a 
transaction is within the authority of the user, such as comparing transaction info to limits 
presented in an authorization certificate (e.g., see Sudia). As further recited in amended claim 1, 
the digital certificate associated with the user includes a first portion configured to enable 
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authentication of the user by the second organization and a second portion configured to 
explicitly define authority of the user to request payments. As recited in amended claim 9, the 
second portion includes a maximum payment amount that the user is authorized to request and a 
plurality of specific payees to whom the user can request payment. Accordingly, amended claim 
9 recites a verification of whether the authority actually presented in the digital certificate 
confirms with a separate store or authority information. 

Applicants respectfully submit that Fischer, Sudia, Brown, Tallent, and Hwangbo, 
either individually or in combination, fail to disclose or suggest the above limitation. Each of 
Fischer, Sudia, Brown, Tallent, and Hwangbo, provide different mechanisms for validating 
authentication and validating a transaction but fail to disclose or suggest the recited manner for 
validating whether authorization information in a digital certificate actually corresponds to 
separately stored authorization information as recited in amended claim 9. 

Specifically, the Office Action acknowledges that Fischer fails to teach or suggest 
a list of specific payees and relies upon the teachings of Sudia. In this reliance, the Office Action 
presents a line of reasoning that Sudia can include "pre-approved counter parties" as indicated in 
paragraph [0084]. Yet, in paragraph [0073], where Sudia explains the processing when other 
attributes are included in authorization certificate 56, Sudia merely indicates that the recipient (or 
verifier) "uses the authorization certificate 5 6... to verify that the attribute values 57 of 
transaction 5 1 fall within the authorized attribute values 58 as specified in the authorization 
certificate 56." Accordingly, Sudia does not disclose or suggest a comparison between 
authorized attribute values 58 in the authorization certificate 56 and a separate independent soure 
of authorization information maintained by a second organizations as recited in amended claim 9 
but a simple check that a transaction conforms with the authorized attribute values 58 as 
specified in the authorization certificate 56. Sudia still assumes that the authorized attribute 
values 58 as specified in the authorization certificate 56 are valid merely because it is associated 
with a user signature, a cosigner, or a sponsor signature. Yet, amended claim 9 closes that 
loophole by storing authority information of users of a first organization independently of 
authority information incorporated within digital certificates assigned to the users and validating 
the authority of the user explicitly defined within a digital certificate received with a payment 
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request based on a comparison between the two sources of authentication information (e.g., a 
comparison between the digital certificate and the stored authority information). 

Accordingly, Applicants respectfully submit that Sudia fails to disclose each and 
every claim limitation as recited in amended claim 9. Applicants further respectfully submit that 
none of the cited references cure the above-discussed deficiencies of Sudia, and thus, amended 
claim 9 is allowable over Fischer, Sudia, Brown, Tallent, and Hwangbo because none of them, 
either individual or in combination, relate to verification of the authority of a user by a 
comparison between authority information in digital certificates and separate authority 
information maintained by a third party. 

Applicants respectfully submit that independent claims 15 and 29 are allowable 
for at least a similar rationale as discussed above for the allowability of claim 9, and others. 
Applicants respectfully submit that the dependent claims that depend directly and/or indirectly 
from the independent claims are also allowable for at least a similar rationale as discussed above 
for the allowability of the independent claims. Applicants further respectfully submit that the 
dependent claims recite additional features that make the dependent claims allowable for 
additional reasons. 

Unless otherwise specified, amendments to the claims are made for the purposes 
of clarity, and are not intended to alter the scope of the claims or limit any equivalents thereof. 

While Applicants do not necessarily agree with the prior art rejections set forth in 
the Office Action, these amendments may be made to expedite issuance of the Application. 
Applicants reserve the right to pursue claims to subject matter similar to those pending before the 
present Amendment in co-pending or subsequent applications. 
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CONCLUSION 

In view of the foregoing, Applicants believe all claims now pending in this 
Application are in condition for allowance. The issuance of a formal Notice of Allowance at an 
early date is respectfully requested. 

Further, the Commissioner is hereby authorized to charge any additional fees or 
credit any overpayment in connection with this paper to Deposit Account No. 20-1430. 

If the Examiner believes a telephone conference would expedite prosecution of 
this application, please telephone the undersigned at 925-472-5000. 

Respectfully submitted, 
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